<?php

    /**
     *
     *    Api - Ajax Calls
     *
     */

    require_once ('../Library/Ajax/Ajax.php');
    require_once ('../Library/Auth/Auth.php');
    require_once ('../Library/Cookies.php');
    require_once ('../Library/Html/Html_Form.php');


    $_return = array(
        'Auth'   => "FALSE",
        'URL'    => EMAIL_HOST . '?page=signin', // Return URL
        'Result' => "Incorrect Username "
    );

    // Testing from home
    $allow_from_ip = (RUNNING_MODE == "sandbox") ? TRUE : FALSE;

    /**
     *
     *  FORM hidden value , to prevent externals posts
     *
     */
    if (!Html_Form::_is_normal_call($_SESSION['_call_form'])) {
        trigger_error(" Attack ?? ");
        Ajax_Call::OUT($_return);
        return FALSE;
    }


    if ($results = file_get_contents("php://input")) {

        $results = json_decode($results, TRUE);

        //   if ($results['api_key'] != $shared_workforce_api_key) { die("Wrong API key!"); }

        $login = Ajax_Call::IN($results['user']);
        $pass  = Ajax_Call::IN($results['pass']);

        trigger_error(" USer $login Pass $pass ");

        /**
         *
         *  Securing ? session_id()
         *
         */
        $service = Ajax_Call::IN($results['call_service']);


        if (empty($login) || empty($pass)) {
            return FALSE;
        }

        /**
         *   Calls only from our domain
         *
         */
        if (Ajax_Call::is_Call_from_Host($allow_from_ip)) {
            if (filter_var($login, FILTER_VALIDATE_EMAIL)) {

                if (Auth::validation($login, $pass)) {
                    $_return['Auth'] = 'TRUE';
                    $_return['URL']  = 'login.php';

                }

            }
        }

        if ($service) {
            Ajax_Call::OUT($_return);
        } else {
            Ajax_Call::redir_after_calls($_return['URL']);
        }

    }